CVE-2017-7529

MEDIUM

Description

Nginx versions from 0.5.6 up to and including 1.13.2 are vulnerable to an integer overflow in the nginx range filter module, which results in a leak of potentially sensitive information when triggered by a specially crafted request.

References

http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html

http://www.securityfocus.com/bid/99534

http://www.securitytracker.com/id/1039238

https://access.redhat.com/errata/RHSA-2017:2538

https://puppet.com/security/cve/cve-2017-7529

Details

Source: MITRE

Published: 2017-07-13

Updated: 2018-01-05

Type: CWE-190

Risk Information

CVSS v2.0

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3.0

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Impact Score: 3.6

Exploitability Score: 3.9

Severity: HIGH